The Aurora API allows you to tag projects. You can use the tags to scope a restricted key's access to certain resources.
To create a project with tags, simply include the tags field in the request body of a Create Project or Update Project call while using a standard key, with any tags you'd like to add:
"project": {
...,
"tags": ["my_tag", "my_other_tag"]
}
Scoping Tagged Resources
Your tenant admin can limit the resources that a restricted key has access to. For example, you can allow a restricted key to only List or Retrieve projects with the tag "my_tag".
When creating a restricted key, enable any endpoints which you would like the key to have access to. For endpoints which support tagged access, you can optionally include any tags as a comma separated list. Not including tags will allow access to all resources for that endpoint. Endpoints that support tagged access are:
| Projects | Designs | Assets |
|---|---|---|
| List Projects | List Design | List Design Assets |
| Retrieve Project | Create Design | Retrieve Design Asset |
| Create Project | Duplicate Design | |
| Update Project | Retrieve Design Summary | |
| Delete Project | Retrieve Roof Summary | |
| Retrieve Web Proposal | ||
| Generate Web Proposal |
Tag Inheritance
Tags defined on a project are inherited by design and asset resources that are created inside the project. To take advantage of an inherited tag, you will need to include the project's tag on each of the endpoints that you wish to scope down.
A Concrete Example
Take a Restricted Key named Key A with the following properties:
List Projects: "tag_a"Retrieve Projects: "tag_a"Retrieve Roof Summary: "tag_a"List Assets: "tag_aRetrieve Asset: "tag_a"
And a Restricted Key named Key B with the following properties
List Projects: "tag_b"Retrieve Projects: "tag_b"
Then, when creating projects via API with your Standard Key , the following scenarios exist:
- Create with
"tags": ["tag_a"]-> onlyKey Awill be able to see this project, and view the roof summary or assets of it. - Create with
"tags": ["tag_b"]-> onlyKey Bwill be able to see this project. However it won't be able to retrieve assets because those endpoints were not added to the key. - Create with
"tags": ["tag_a", "tag_b"]-> BothKey AandKey Bwill be able to see this project, but onlyKey Awill be able to view the roof summary or assets of it.
This allows for fine grained access of your Aurora resources, both by API endpoint and by project.